Class XSSUtils
- java.lang.Object
  - org.apache.sling.testing.clients.util.XSSUtils

public class XSSUtils extends java.lang.Object

Basic class for XSS testing. The reliability of these methods is not critical.

Constructor Summary
- XSSUtils()

Method Summary
All methods are static and return java.lang.String.

- encodeForHTML(java.lang.String source): Use to encapsulate new-style (XSSAPI-based) encoding for HTML element content.
- encodeForHTMLAttr(java.lang.String source): Use to encapsulate new-style (XSSAPI-based) encoding for HTML attribute values.
- encodeForJSString(java.lang.String source): Use to encapsulate new-style (XSSAPI-based) encoding for JavaScript strings.
- encodeForXML(java.lang.String source): Use to encapsulate new-style (XSSAPI-based) encoding for XML element content.
- encodeForXMLAttr(java.lang.String source): Use to encapsulate new-style (XSSAPI-based) encoding for XML attribute values.
- encodeUrl(java.lang.String urlString): Use to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.
- escapeHtml(java.lang.String htmlString): Use to encapsulate old-style escaping of HTML (using StringEscapeUtils).
- escapeXml(java.lang.String xmlString): Use to encapsulate old-style escaping of XML (with JSTL encoding rules).

Method Detail
encodeUrl
public static java.lang.String encodeUrl(java.lang.String urlString)
Use to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.
- Parameters: urlString - the string to be encoded
- Returns: the encoded string

escapeHtml
public static java.lang.String escapeHtml(java.lang.String htmlString)
Use to encapsulate old-style escaping of HTML (using StringEscapeUtils). NB: newer code uses XSSAPI (based on OWASP's ESAPI).
- Parameters: htmlString - the string to be escaped
- Returns: the escaped string

escapeXml
public static java.lang.String escapeXml(java.lang.String xmlString)
Use to encapsulate old-style escaping of XML (with JSTL encoding rules). NB: newer code uses XSSAPI (based on OWASP's ESAPI).
- Parameters: xmlString - the string to be escaped
- Returns: the escaped string

encodeForHTML
public static java.lang.String encodeForHTML(java.lang.String source)
Use to encapsulate new-style (XSSAPI-based) encoding for HTML element content.
- Parameters: source - the string to be encoded
- Returns: the encoded string

encodeForHTMLAttr
public static java.lang.String encodeForHTMLAttr(java.lang.String source)
Use to encapsulate new-style (XSSAPI-based) encoding for HTML attribute values.
- Parameters: source - the string to be encoded
- Returns: the encoded string

encodeForXML
public static java.lang.String encodeForXML(java.lang.String source)
Use to encapsulate new-style (XSSAPI-based) encoding for XML element content.
- Parameters: source - the string to be encoded
- Returns: the encoded string

encodeForXMLAttr
public static java.lang.String encodeForXMLAttr(java.lang.String source)
Use to encapsulate new-style (XSSAPI-based) encoding for XML attribute values.
- Parameters: source - the string to be encoded
- Returns: the encoded string

encodeForJSString
public static java.lang.String encodeForJSString(java.lang.String source)
Use to encapsulate new-style (XSSAPI-based) encoding for JavaScript strings.
- Parameters: source - the string to be encoded
- Returns: the encoded string